CVE-2024-4447 | dotCMS Direct Web Remoting API UserSessionAjax.getSessionList.dwr authorization

Posted by Angelo Barbosa | Jul 26, 2024 | CVE

A vulnerability was found in dotCMS. It has been declared as problematic. This vulnerability affects the function UserSessionAjax.getSessionList.dwr of the component Direct Web Remoting API. The manipulation leads to incorrect authorization.

This vulnerability was named CVE-2024-4447. The attack can be initiated remotely. There is no exploit available.

It is recommended to upgrade the affected component.

CVE-2024-4447 | dotCMS Direct Web Remoting API UserSessionAjax.getSessionList.dwr authorization

Related Posts

CVE-2024-41889 | Pimax Play/PiTool Websocket Connection improper authentication

CVE-2024-42786 | Kashipara Music Management System 1.0 View User Profile Page /music/view_user.php id sql injection

CVE-2024-1481 | FreeIPA HTTP Request denial of service

CVE-2023-50369 | Alma Plugin up to 5.1.3 on WordPress cross site scripting